1

I have an Azure Container Registry (ACR) and am trying to create a pull task from another ACR using a Managed Identity and the oci link as context ex: oci://mycontainerregistry.azurecr.io/dotnetapp:latest however I noticed that whenever I try to execute the task, I am getting this error: Error: failed to download context. Please check if the URL is incorrect. If it has credentials, please check if they are expired

I tried for a bit to try to solve the problem figuring it was a permissions issue, however when I tried to simplify this and run a build directly on the registry that contains the container I am trying to pull from, I am getting the same error. Am I missing something? Maybe something is wrong with my oci link? I am somewhat new to this.

az acr build -r mycontainerregistry oci://mycontainerregistry.azurecr.io/dotnetapp:latest

Philip Young
  • 87
  • 8

1 Answers1

0

Error: failed to download context. Please check if the URL is incorrect. If it has credentials, please check if they are expired

The above error mention like your credentials from azure ad has been expired. A token, which serves as managed identity will expire after 3 hours try to login again to the registry or try to reset credentials and generate a new service principal.

Next try to validate that your credentials are authorized to access the registry in order to perform pull the task. If so, you should at least have the Reader role or equivalent permissions. To avoid any cache or cookies, you might try using an incognito or private session.

Make sure If using an Active Directory service principal, use the correct credentials in the Active Directory tenant as below:

  • User name - service principal application ID (client ID)
  • Password - service principal password (client secret)

In you azure active directory -> app registration ->your service app -> application (client)ID

enter image description here Client secrets enter image description here

Reference: container-registry-troubleshoot-login#confirm-credentials-are-authorized-to-access-registry

Alternatively, as per this reference by Steve

In Azure Container Registry while creating the Docker Registry Service Connection try to choose other service instead of this. and then enable admin user to use the credentials from that to create the service connection.

enter image description here

Reference: managed-identities-status-support-managed-identities-for-azure-resources

Imran
  • 3,875
  • 2
  • 3
  • 12